With the release of Windows 11, many are starting to test the OS on virtual machines. VMware Workstation and VMware vSphere are popular options for this. Since Microsoft has raised the hardware requirements for Windows 11, these must also be met in a virtual environment. The most significant hurdle is the need for a virtual Trusted Platform Module (TPM). This is why you can't officially run the OS on VirtualBox.

With Windows 11, Microsoft has upped the security requirements out of the box. Therefore, the PC must have a TPM device present to install the operating system. It seems the early release copies of Windows 11 didn't require this. However, the GA media now checks for the TPM module and, if not installed, throws an error.

This PC cant run Windows 11 error message

This PC cant run Windows 11 error message

In general, Windows 11 requires the hardware listed below to run, as documented by Microsoft. It can easily be provided on virtual hardware. Issues installing Windows 11 seem to arise primarily when a TPM device isn't found on older computers or the CPU is outdated. You can read the detailed requirements here.

In both VMware Workstation and VMware vSphere ESXi, there is a process for adding a virtual TPM device to the virtual machine.

VMware Workstation ^

At the time of this writing, VMware Workstation has no option for Windows 11. However, you can choose Windows 10 and later X64 here, and it works fine.

Choosing an operating system for Windows 11 installation in VMware Workstation 1

Choosing an operating system for Windows 11 installation in VMware Workstation 1

Before adding the virtual TPM device, we must encrypt the VMware Workstation VM. To do this, navigate to the Virtual Machine Settings > Access Control > Encryption section. Click the Encrypt button.

To use a virtual TPM the VM must be encrypted 1

To use a virtual TPM the VM must be encrypted 1

Next, under the Options > Advanced configuration, ensure the virtual machine is configured for UEFI > Enable secure boot.

Make sure the VM is set to UEFI and secure boot 1

Make sure the VM is set to UEFI and secure boot 1

Now, on the Virtual Machine Settings > Hardware tab, click Add. Choose the Trusted Platform Module, and click Finish.

Add the virtual TPM to the Windows 11 VM in VMware Workstation 1

Add the virtual TPM to the Windows 11 VM in VMware Workstation 1

After encrypting the hard disk and adding the TPM device, you can mount the ISO media and install Windows 11 in VMware Workstation without error.

VMware ESXi ^

Installing Windows 11 on a VMware vSphere ESXi VM is similar to VMware Workstation. When creating a new Windows 11 virtual machine in VMware ESXi, the VM needs to be encrypted to use the virtual TPM. In step 4, Select storage in the new virtual machine wizard, select the Encrypt this virtual machine checkbox.

Encrypt the virtual machine for Windows 11 in VMware ESXi

Encrypt the virtual machine for Windows 11 in VMware ESXi

To encrypt a virtual machine in VMware vSphere, you must have a key provider configured. With VMware vSphere 7 Update 2, you can use the built-in Native Key Provider to support virtual machine encryption without needing a third-party provider.

You can configure/view the integrated Key Provider configuration under the properties of your vCenter Server in vSphere Client > Configure > Key Providers.

Using the Native Key Provider in VMware ESXi 1

Using the Native Key Provider in VMware ESXi 1

To create a new VMware vSphere ESXi Windows 11 VM, in step 6, Select a guest OS, select Microsoft Windows 10 (64-bit). As of VMware vSphere 7.0 Update 3c, as in VMware Workstation, there is still no option for Windows 11. However, choosing Windows 10 works fine.

Select the guest OS version 1

Select the guest OS version 1

On the Virtual Hardware tab of the Customize hardware screen, you need to select Add new device > Trusted Platform Module.

Your physical ESXi host does not need to have a physical TPM 2.0 chip installed before you have the option of adding the virtual TPM. However, without a physical TPM 2.0 chip in the ESXi host, you can't implement other security recommendations, such as host attestation.

Adding the TPM to the Windows 11 VMware ESXi VM

Adding the TPM to the Windows 11 VMware ESXi VM

After finishing the creation of the virtual machine, the installation of Windows 11 begins without error and proceeds as expected.

Windows 11 installation begins in VMware ESXi without error 1

Windows 11 installation begins in VMware ESXi without error 1

Conclusion ^

Installing Windows 11 in VMware Workstation and VMware ESXi is relatively straightforward. You can satisfy the hardware requirements in both platforms by encrypting the hard disks and adding the virtual TPM device.

Subscribe to 4sysops newsletter!

Having a physical TPM device installed in the VMware Workstation or VMware ESXi host is not required to install Windows 11, since VMware can create a virtual vTPM 2.0 device. However, a physical TPM is required for host attestation and other advanced security implementations.

0 Comments

Leave a reply

Your email address will not be published.

*

© 4sysops 2006 - 2022

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account